net/tcp: Limit TCP_AO_REPAIR to non-listen sockets

Listen socket is not an established TCP connection, so
setsockopt(TCP_AO_REPAIR) doesn't have any impact.

Restrict this uAPI for listen sockets.

Fixes: faadfaba5e01 ("net/tcp: Add TCP_AO_REPAIR")
Signed-off-by: Dmitry Safonov <dima@arista.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index c9f078224569ee7de59b91ab2aa8a89cd599b9fe..ff6838ca2e58068d6ab435d2bb31babccb728c19 100644 (file)
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3610,6 +3610,10 @@ int do_tcp_setsockopt(struct sock *sk, int level, int optname,
                break;
 
        case TCP_AO_REPAIR:
+               if (!tcp_can_repair_sock(sk)) {
+                       err = -EPERM;
+                       break;
+               }
                err = tcp_ao_set_repair(sk, optval, optlen);
                break;
 #ifdef CONFIG_TCP_AO
@@ -4309,6 +4313,8 @@ zerocopy_rcv_out:
        }
 #endif
        case TCP_AO_REPAIR:
+               if (!tcp_can_repair_sock(sk))
+                       return -EPERM;
                return tcp_ao_get_repair(sk, optval, optlen);
        case TCP_AO_GET_KEYS:
        case TCP_AO_INFO: {